matt
/
port-nimara-client-portal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
port-nimara-client-portal/server/utils
History
Matt 0ae190b255 MAJOR: Replace keycloak-js with nuxt-oidc-auth for seamless SSO integration 
##  **SOLUTION: Migrate to Server-Side OIDC Authentication**

This completely replaces the problematic keycloak-js client-side implementation
with nuxt-oidc-auth, eliminating all CORS and iframe issues.

###  **Benefits:**
- **No more CORS errors** - Server-side OAuth flow
- **No iframe dependencies** - Eliminates cross-domain issues
- **Works with nginx proxy** - No proxy configuration conflicts
- **Better security** - Tokens handled server-side
- **Cleaner integration** - Native Nuxt patterns
- **Maintains Directus compatibility** - Dual auth support

###  **Installation & Configuration:**
- Added
uxt-oidc-auth module to nuxt.config.ts
- Configured Keycloak provider with proper OIDC settings
- Updated environment variables for security keys

###  **Code Changes:**

#### **Authentication Flow:**
- **middleware/authentication.ts** - Updated to check both Directus + OIDC auth
- **composables/useUnifiedAuth.ts** - Migrated to use useOidcAuth()
- **pages/login.vue** - Updated SSO button to use oidcLogin('keycloak')

#### **Configuration:**
- **nuxt.config.ts** - Added OIDC provider configuration
- **.env.example** - Updated with nuxt-oidc-auth environment variables
- Removed old Keycloak runtime config

#### **Cleanup:**
- Removed keycloak-js dependency from package.json
- Deleted obsolete files:
  - composables/useKeycloak.ts
  - pages/auth/callback.vue
  - server/utils/keycloak-oauth.ts
  - server/api/debug/ directory

###  **Authentication Routes (Auto-Generated):**
- /auth/keycloak/login - SSO login endpoint
- /auth/keycloak/logout - SSO logout endpoint
- /auth/keycloak/callback - OAuth callback (handled automatically)

###  **Security Setup Required:**
Environment variables needed for production:
- NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET
- NUXT_OIDC_TOKEN_KEY (base64 encoded 32-byte key)
- NUXT_OIDC_SESSION_SECRET (48-character random string)
- NUXT_OIDC_AUTH_SESSION_SECRET (48-character random string)

###  **Expected Results:**
 SSO login should work without CORS errors
 Compatible with nginx proxy setup
 Maintains existing Directus authentication
 Server-side session management
 Automatic token refresh

Ready for container rebuild and production testing!
 		2025-06-14 15:58:03 +02:00
..
documeso.ts REVERT Network Updates 2025-06-12 21:54:47 +02:00
email-sync.ts email server updates 2025-06-12 18:05:42 +02:00
email-utils.ts Improve email loading performance and fix UI issues 2025-06-10 18:04:31 +02:00
email.ts Add EOI automation system with email processing and document management 2025-06-10 13:59:09 +02:00
encryption.ts Add email communication system with encrypted credentials 2025-06-09 21:45:06 +02:00
imap-pool.ts Improve email session management and add IMAP connection pooling 2025-06-12 15:53:12 +02:00
minio.ts Add EOI automation system with email processing and document management 2025-06-10 13:59:09 +02:00
nocodb.ts REVERT Network Updates 2025-06-12 21:54:47 +02:00
operation-lock.ts Improve email session management and add IMAP connection pooling 2025-06-12 15:53:12 +02:00